Infinibyte Cloud Rules of Behavior for External Users

The following Rules of Behavior for External Users defines the acceptable use of Infinibyte information and information systems by users who do not have system-level access. The Rules of Behavior use the term sensitive information to refer to personally identifiable information (PII), protected health information (PHI), controlled unclassified information (CUI), proprietary data, etc. This policy does not supersede any other applicable law or higher-level agency directive.   The Infinibyte Cloud Information System Security Officer (ISSO) or representative is responsible for the development and management of this policy.  Questions, comments, suggestions, and requests for information about this policy should be directed to the Infinibyte Cloud Service Desk by submitting a request at support@infinibytecloud.com or by calling (301) 628-3500.

•        You must process only data that pertains to official business and is authorized to be processed on the system.

•        Your level of access to Infinibyte Cloud systems is limited to ensure your access is no more than necessary to perform your legitimate tasks or assigned duties.  If you believe you are being granted access that you should not have, you must immediately notify the Infinibyte Cloud Service Desk.

•        You must use only the data for which you have been granted authorization.

•        You must ensure that access is assigned based on the Infinibyte Cloud system owner’s approval.

•        You must ensure that access to sensitive data is based on your job function.

•        You must notify the Infinibyte Cloud system owner if access to system resources is beyond that which is required to perform your job.

•        You must notify the Infinibyte Cloud system owner when you no longer have a legitimate need to access an Infinibyte Cloud system, so that your access is revoked.

•        You must not browse, search, or reveal sensitive information except in accordance with that which is required to perform your legitimate tasks or assigned duties, or without express written permission of an Infinibyte Cloud system owner.

•        You must ensure that sensitive information entered into systems is restricted to team members on a need-to-know basis.

•        You must not retrieve information, or in any other way disclose information, for someone who does not have authority to access that information.

•        You must not post Infinibyte Cloud or customer information to external newsgroups, social media and/or other types of third-party website applications, or other public forums without authority.

•        You must not use DLH-provided identifiers (e.g., email addresses) and authentication secrets (e.g., passwords) to create accounts on external sites/applications including social media, third-party websites or other public forums.

•        You must not process U.S. classified national security information on any system in Infinibyte Cloud for any reason.

•        You must keep passwords, Personal Identity Verification (PIV) cards, Personal Identification Numbers (PIN), and other access credentials confidential; an Infinibyte Cloud employee should never ask you to reveal them.

•        You must not use another person’s account, identity, password/passcode/PIN, or PIV card.

•        You must promptly change password(s) when required by Infinibyte Cloud policy and if you suspect that it has been compromised.

•        You must follow proper logon/logoff procedures.  You must promptly log off when session access is no longer needed.  Never leave your computer unattended while logged into the system.

•        You must report all suspected and identified information security incidents and privacy breaches related to Infinibyte Cloud systems to the Infinibyte Cloud Service Desk, as soon as possible, without unreasonable delay and no later than within one (1) hour of occurrence or discovery.

•        You must discontinue use of any system resources that show signs of being infected by a virus or other malware and report the suspected incident.

•        You must comply with all applicable federal, state, and local laws and regulations, including without limitation those related to data privacy, international communications, and the exportation of technical or personal data.

•        You must familiarize yourself with any special requirements for accessing, protecting, and utilizing data, including Privacy Act requirements, copyright requirements, and procurement of sensitive data.

•        You must seek guidance from the Infinibyte Cloud system owner, Infinibyte Cloud Information System Security Officer, or Infinibyte Cloud Service Desk if you are unclear about security and privacy policies.

•        You understand that any person who obtains information from a computer connected to the Internet in violation of his or her employer’s computer-use restrictions is in violation of the Computer Fraud and Abuse Act.